./mage -v ci:teste2e Running target: CI:TestE2E I0502 05:03:59.556630 18344 magefile.go:526] setting up new custom bundle for testing... I0502 05:03:59.941271 18344 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1777698239-onoy -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: docker-build to image I0502 05:04:01.200122 18344 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1777698239-onoy: quay.io/redhat-appstudio-qe/test-images@sha256:aa30d77e14e5d37696a799255f8fc29b4dab4fceaa7df3a72f01f865ecf3658b I0502 05:04:01.200164 18344 magefile.go:532] To use the custom docker bundle locally, run below cmd: export CUSTOM_DOCKER_BUILD_PIPELINE_BUNDLE=quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1777698239-onoy I0502 05:04:02.230748 18344 release_service_catalog.go:104] checking if repository is release-service-catalog I0502 05:04:02.230765 18344 integration_service.go:49] checking if repository is integration-service I0502 05:04:02.230770 18344 image_controller.go:49] checking if repository is image-controller I0502 05:04:02.230774 18344 build_service.go:50] checking if repository is build-service I0502 05:04:02.230779 18344 build_service.go:31] require sprayproxy registering is set to TRUE I0502 05:04:02.230784 18344 build_service.go:34] setting test label filter: 'build-service' exec: go "install" "-mod=mod" "github.com/onsi/ginkgo/v2/ginkgo" go: downloading github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 I0502 05:04:05.864745 18344 e2e_repo.go:347] checking if repository is e2e-tests I0502 05:04:05.864773 18344 release_service.go:50] checking if repository is release-service I0502 05:04:05.864783 18344 types.go:155] The following rules have matched build-service repo CI Workflow Rule. I0502 05:04:05.864788 18344 types.go:180] Will apply rules exec: ginkgo "--seed=1777698239" "--timeout=1h30m0s" "--grace-period=30s" "--output-interceptor-mode=none" "--label-filter=build-service" "--no-color" "--json-report=e2e-report.json" "--junit-report=e2e-report.xml" "--procs=20" "--nodes=20" "--p" "--output-dir=/workspace/artifact-dir" "./cmd" "--" go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/IBM/go-sdk-core/v5 v5.15.3 go: downloading github.com/IBM/vpc-go-sdk v0.48.0 go: downloading github.com/aws/aws-sdk-go-v2/config v1.31.3 go: downloading github.com/aws/aws-sdk-go-v2/service/ec2 v1.143.0 go: downloading github.com/aws/aws-sdk-go-v2 v1.41.3 go: downloading github.com/minio/minio-go/v7 v7.0.99 go: downloading github.com/dustin/go-humanize v1.0.1 go: downloading github.com/tinylib/msgp v1.6.1 go: downloading github.com/minio/md5-simd v1.1.2 go: downloading github.com/go-ini/ini v1.67.0 go: downloading github.com/minio/crc64nvme v1.1.1 go: downloading github.com/klauspost/crc32 v1.3.0 go: downloading github.com/rs/xid v1.6.0 go: downloading github.com/aws/smithy-go v1.24.2 go: downloading github.com/philhofer/fwd v1.2.0 go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.18.7 go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 go: downloading github.com/go-playground/validator/v10 v10.17.0 go: downloading github.com/go-openapi/strfmt v0.25.0 go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 go: downloading github.com/go-openapi/errors v0.22.6 go: downloading github.com/go-viper/mapstructure/v2 v2.4.0 go: downloading github.com/oklog/ulid v1.3.1 go: downloading go.mongodb.org/mongo-driver v1.17.7 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading github.com/leodido/go-urn v1.3.0 go: downloading github.com/go-playground/universal-translator v0.18.1 go: downloading github.com/gabriel-vasile/mimetype v1.4.3 go: downloading github.com/go-playground/locales v0.14.1 Running Suite: Red Hat App Studio E2E tests - /tmp/tmp.O2kCCFO8V9/cmd ===================================================================== Random Seed: 1777698239 Will run 150 of 467 specs Running in parallel across 20 processes ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR is created for the Snapshot [release-pipelines, rh-push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_external_registry.go:215 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification verifies a release PipelineRun is started and succeeded in managed namespace [release-pipelines, rh-push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_external_registry.go:226 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validate the result of task create-pyxis-image contains image ids [release-pipelines, rh-push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_external_registry.go:233 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR has completed [release-pipelines, rh-push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_external_registry.go:248 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validates that imageIds from task create-pyxis-image exist in Pyxis. [release-pipelines, rh-push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_external_registry.go:265 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if release CR is created [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/release_to_github.go:138 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies the release pipelinerun is running and succeeds [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/release_to_github.go:148 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/release_to_github.go:181 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if the Release exists in github repo [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/release_to_github.go:192 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the release CR is created [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rhtap_service_push.go:150 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the release CR is created [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_registry_redhat_io.go:108 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies the rhtap release pipelinerun is running and succeeds [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rhtap_service_push.go:160 ------------------------------ SSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rhtap_service_push.go:190 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the PR in infra-deployments repo is created/updated [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rhtap_service_push.go:200 ------------------------------ SSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if release CR is created [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_advisories.go:117 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies the rhio release pipelinerun is running and succeeds [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_registry_redhat_io.go:118 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies the advs release pipelinerun is running and succeeds [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_advisories.go:127 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_advisories.go:157 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_registry_redhat_io.go:148 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_advisories.go:168 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the MR URL is valid [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/rh_push_to_registry_redhat_io.go:159 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the release CR is created [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/multiarch_advisories.go:112 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:123 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the multiarch release pipelinerun is running and succeeds [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/multiarch_advisories.go:122 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/multiarch_advisories.go:152 ------------------------------ S ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context points to a file [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:188 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:128 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles from specific context [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:199 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release CR should have been created in the dev namespace [release-pipelines, push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/push_to_external_registry.go:157 ------------------------------ SS ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context is the root directory [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:209 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/multiarch_advisories.go:163 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when context points to a file and a directory [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:218 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-host-pool] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:120 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:132 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when using negation [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:228 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-host-pool] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:124 ------------------------------ S ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding HOME environment variable [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:238 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:136 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that Release PipelineRun should eventually succeed [release-pipelines, push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/push_to_external_registry.go:164 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:178 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification tests if the image was pushed to quay [release-pipelines, push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/push_to_external_registry.go:168 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:183 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release is marked as succeeded. [release-pipelines, push-to-external-registry] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/push_to_external_registry.go:175 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:187 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-host-pool] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:127 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:191 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-host-pool] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:148 ------------------------------ S ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding STEP image [build-templates] /tmp/tmp.O2kCCFO8V9/tests/build/tkn-bundle.go:247 ------------------------------ SSSSSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:233 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created test that cleanup happened successfully [multi-platform, aws-host-pool] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:152 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:251 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:238 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:255 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:242 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:246 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:259 ------------------------------ SSSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:286 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:263 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:291 ------------------------------ SSSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:295 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, aws-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:267 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.O2kCCFO8V9/tests/release/pipelines/fbc_release.go:299 ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:507 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmz-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:341 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmz-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:345 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmz-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:349 ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmz-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:353 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmz-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:357 ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:744 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmp-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:432 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmp-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:436 ------------------------------ SSSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmp-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:440 ------------------------------ SSSSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmp-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:444 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmp-dynamic] /tmp/tmp.O2kCCFO8V9/tests/build/multi-platform.go:448 ------------------------------ SSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:507 ------------------------------ SSSSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:569 ------------------------------ SSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:744 ------------------------------ SSSSSSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:507 ------------------------------ SS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.O2kCCFO8V9/tests/build/build_templates.go:744 ------------------------------ S••••••••••••••••••••••••••••••••••••••••••••••••••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created when second component is deleted, pac pr branch should not exist in the repo [build-service, github, pac-build, secret-lookup] /tmp/tmp.O2kCCFO8V9/tests/build/secret_lookup.go:206 ------------------------------ •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:642 ------------------------------ •••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:642 ------------------------------ ••••••••••••••••••••••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.O2kCCFO8V9/tests/build/pac_build.go:642 ------------------------------ •• ------------------------------ • [FAILED] [1408.030 seconds] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace [It] the PipelineRun should eventually finish successfully for component python-component-sukmsc [build-service, github, pac-build, multi-component] /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:159 Timeline >> PipelineRun python-component-sukmsc-on-pull-request-zg9vq found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Running PipelineRun python-component-sukmsc-on-pull-request-zg9vq reason: Failed attempt 1/3: PipelineRun "python-component-sukmsc-on-pull-request-zg9vq" failed: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | init container: prepare 2026/05/02 05:45:47 Entrypoint initialization pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | init container: place-scripts 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-1-hl8vj 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-2-nv22m 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-3-9jmt9 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-4-cr4nj 2026/05/02 05:45:48 Decoded script /tekton/scripts/script-5-dtzrv pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.7uWG5d/auth-x4nJQS.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-build: [2026-05-02T05:45:54,435434352+00:00] Validate context path [2026-05-02T05:45:54,439017475+00:00] Update CA trust [2026-05-02T05:45:54,440009173+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:45:58,308082555+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T05:45:58,315787432+00:00] Prepare system (architecture: x86_64) [2026-05-02T05:45:58,332116835+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T05:46:49,136550699+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T05:45:58Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "5e9d7456147050972e8bd012a2304f2853af7090", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "5e9d7456147050972e8bd012a2304f2853af7090", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T05:45:58Z" } [2026-05-02T05:46:49,205137997+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T05:46:49,208439364+00:00] Add secrets [2026-05-02T05:46:49,223410703+00:00] Run buildah build [2026-05-02T05:46:49,224508110+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=5e9d7456147050972e8bd012a2304f2853af7090 --label org.opencontainers.image.revision=5e9d7456147050972e8bd012a2304f2853af7090 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T05:45:58Z --label org.opencontainers.image.created=2026-05-02T05:45:58Z --annotation org.opencontainers.image.revision=5e9d7456147050972e8bd012a2304f2853af7090 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T05:45:58Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.E1ZDdx -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="5e9d7456147050972e8bd012a2304f2853af7090" "org.opencontainers.image.revision"="5e9d7456147050972e8bd012a2304f2853af7090" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T05:45:58Z" "org.opencontainers.image.created"="2026-05-02T05:45:58Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 --> 880be21bb0a4 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 880be21bb0a4dc887183f659aa71c959e4ec28102a3ef2c74b39e7e6a44dec3e [2026-05-02T05:46:55,183562848+00:00] Unsetting proxy [2026-05-02T05:46:55,184914592+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:6c1759502abb16f05c80d58967d8fb390a61614ead8273dc0332b032414656aa Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying config sha256:880be21bb0a4dc887183f659aa71c959e4ec28102a3ef2c74b39e7e6a44dec3e Writing manifest to image destination [2026-05-02T05:47:40,567015487+00:00] End build pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-push: [2026-05-02T05:47:40,874407321+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:48:03,619431673+00:00] Convert image [2026-05-02T05:48:03,620452583+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-zg9vq-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-zg9vq-build-container Getting image source signatures Copying blob sha256:6c1759502abb16f05c80d58967d8fb390a61614ead8273dc0332b032414656aa Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-3d3172b85ea5e0c15d02ec1309ff8970-pod | container step-upload-sbom: pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | init container: prepare 2026/05/02 05:44:21 Entrypoint initialization pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | init container: place-scripts 2026/05/02 05:44:28 Decoded script /tekton/scripts/script-0-ch9rn 2026/05/02 05:44:28 Decoded script /tekton/scripts/script-1-d5ndj pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777700694.173177,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777700694.6118438,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 5e9d7456147050972e8bd012a2304f2853af7090 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777700694.6118908,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777700694.6385515,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 5e9d7456147050972e8bd012a2304f2853af7090 directly. pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-754999f46a0fa17555be458a5cf6e66a-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:06cff40a3970c64bcccdbbfc59f27155ab36c51c6529191b8df58d96cdb58728) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.LSOynh/auth-yT5i5V.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090.git SOURCE_ARTIFACT Uploading 06cff40a3970 SOURCE_ARTIFACT Uploaded 06cff40a3970 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-5e9d7456147050972e8bd012a2304f2853af7090.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:fee9b79c54daebaa5a22532de75a5a97729d55ba732bf70c20b1afdbdca0ee79 Artifacts created pod: python-component-sukmsc-on-pull-request-zg9vq-init-pod | init container: prepare 2026/05/02 05:43:37 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-zg9vq-init-pod | container step-init: time="2026-05-02T05:44:02Z" level=info msg="[param] enable: false" time="2026-05-02T05:44:02Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:44:02Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:44:02Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:44:02Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:44:02Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:44:02Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:44:02Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:44:02Z" level=info msg="[result] NO PROXY: " New PipelineRun python-component-sukmsc-on-pull-request-g52js found after retrigger for component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-g52js found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-g52js reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Running PipelineRun python-component-sukmsc-on-pull-request-g52js reason: PipelineRunStopping PipelineRun python-component-sukmsc-on-pull-request-g52js reason: Failed attempt 2/3: PipelineRun "python-component-sukmsc-on-pull-request-g52js" failed: pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | init container: prepare 2026/05/02 05:52:38 Entrypoint initialization pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | init container: place-scripts 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-1-jqn5n 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-2-v2r5f 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-3-q2wqz 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-4-5jmn7 2026/05/02 05:52:39 Decoded script /tekton/scripts/script-5-v262p pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.lF2h7i/auth-ucX3Mf.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-build: [2026-05-02T05:52:45,310161517+00:00] Validate context path [2026-05-02T05:52:45,313603358+00:00] Update CA trust [2026-05-02T05:52:45,314606115+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:52:49,698074396+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T05:52:49,757246497+00:00] Prepare system (architecture: x86_64) [2026-05-02T05:52:49,773512560+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T05:53:20,865452106+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T05:52:49Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "8db91b08c42f4543dde16ba8ac772c5a35f83632", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "8db91b08c42f4543dde16ba8ac772c5a35f83632", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T05:52:49Z" } [2026-05-02T05:53:20,967803990+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T05:53:20,970866796+00:00] Add secrets [2026-05-02T05:53:20,986355232+00:00] Run buildah build [2026-05-02T05:53:20,987614197+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=8db91b08c42f4543dde16ba8ac772c5a35f83632 --label org.opencontainers.image.revision=8db91b08c42f4543dde16ba8ac772c5a35f83632 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T05:52:49Z --label org.opencontainers.image.created=2026-05-02T05:52:49Z --annotation org.opencontainers.image.revision=8db91b08c42f4543dde16ba8ac772c5a35f83632 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T05:52:49Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.erUxuw -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="8db91b08c42f4543dde16ba8ac772c5a35f83632" "org.opencontainers.image.revision"="8db91b08c42f4543dde16ba8ac772c5a35f83632" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T05:52:49Z" "org.opencontainers.image.created"="2026-05-02T05:52:49Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 --> 29475068a368 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb [2026-05-02T05:53:27,336853436+00:00] Unsetting proxy [2026-05-02T05:53:27,338188448+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination [2026-05-02T05:53:59,582127454+00:00] End build pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-push: [2026-05-02T05:53:59,845018994+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T05:54:21,115361325+00:00] Convert image [2026-05-02T05:54:21,205614784+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-g52js-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-g52js-build-container Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination [2026-05-02T05:57:04,907067577+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 Getting image source signatures Copying blob sha256:f2b315ae926318259c6690c0a9c37966a04f31da7632672ee908d09bd1cd9887 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying config sha256:29475068a36850ec74569e2c524bbdbed02fbe3dcc7814641c4ed3edf6d0c4fb Writing manifest to image destination sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-05-02T05:57:08,606835009+00:00] End push pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-sbom-syft-generate: [2026-05-02T05:57:09,063329790+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-05-02T05:58:32,512978304+00:00] End sbom-syft-generate pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-prepare-sboms: [2026-05-02T05:58:32,618867256+00:00] Prepare SBOM [2026-05-02T05:58:32,692874202+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-05-02 05:58:41,896 [INFO] mobster.log: Logging level set to 20 2026-05-02 05:58:45,696 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/python-39@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee 2026-05-02 05:58:47,696 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:48,336 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:49,652 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:50,233 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:51,569 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:52,156 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:53,469 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:54,034 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/python-39@sha256:c62e9c0b7ec343ee4b0e0c695a3c8d42d8070e0b9a752079830be0892dc1f89d with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-05-02 05:58:54,035 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-05-02 05:58:54,035 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-05-02 05:58:54,037 [INFO] mobster.log: Contextual workflow completed in 9.24s 2026-05-02 05:58:55,092 [INFO] mobster.main: Exiting with code 0. [2026-05-02T05:58:56,090634635+00:00] End prepare-sboms pod: python-component-sukmsc-on-4d00d73d9f32a7889b3519c6da3e8f90-pod | container step-upload-sbom: [2026-05-02T05:58:56,181810163+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key '. Uploading SBOM file for [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901] to [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:sha256-b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:fea996e206ea3628b6dcbd9fccf05cd97d395af3797784d760d24e83a9d8212a [2026-05-02T05:59:20,203347913+00:00] End upload-sbom pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | init container: prepare 2026/05/02 05:59:39 Entrypoint initialization pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | init container: place-scripts 2026/05/02 05:59:40 Decoded script /tekton/scripts/script-1-j656c 2026/05/02 05:59:40 Decoded script /tekton/scripts/script-2-q76zc pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.sav1vu/auth-jGXazW.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=python-component-sukmsc + echo 'INFO: The PROJECT_NAME used is: python-component-sukmsc' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors INFO: The PROJECT_NAME used is: python-component-sukmsc INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 12800 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=1 + SC_JOBS=1 + echo 'INFO: Setting SC_JOBS=1 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source INFO: Setting SC_JOBS=1 based on cgroups v2 max for run-shellcheck.sh Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-104.json ./shellcheck-results/sc-110.json ./shellcheck-results/sc-116.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-128.json ./shellcheck-results/sc-134.json ./shellcheck-results/sc-140.json ./shellcheck-results/sc-151.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-98.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + TEST_OUTPUT= + parse_test_output sast-shell-check-oci-ta-min sarif shellcheck-results.sarif + TEST_NAME=sast-shell-check-oci-ta-min + TEST_RESULT_FORMAT=sarif + TEST_RESULT_FILE=shellcheck-results.sarif + '[' -z sast-shell-check-oci-ta-min ']' + '[' -z sarif ']' + '[' -z shellcheck-results.sarif ']' + '[' '!' -f shellcheck-results.sarif ']' + '[' sarif = sarif ']' +++ jq -rce '(if (.runs[].results | length > 0) then "FAILURE" else "SUCCESS" end)' shellcheck-results.sarif +++ jq -rce '(.runs[].results | length)' shellcheck-results.sarif ++ make_result_json -r SUCCESS -f 0 ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ FAILURES=0 ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-05-02T05:59:51+00:00 --arg result SUCCESS --arg note 'For details, check Tekton task log.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ jq .failures ++ echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + '[' 0 -gt 0 ']' + echo '{"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-05-02T05:59:51+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: python-component-sukmsc-on-5d59478b4adaff39dfc472dd85e990e0-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Attaching to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading da808faebf6f shellcheck-results.sarif Uploaded da808faebf6f shellcheck-results.sarif Uploading f94ede8a8b8e application/vnd.oci.image.manifest.v1+json Uploaded f94ede8a8b8e application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 Digest: sha256:f94ede8a8b8e6ce081151482edf3250cbcad4225e23f88c6a07377212ada14ec No excluded-findings.json exists. Skipping upload. pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | init container: prepare 2026/05/02 05:59:21 Entrypoint initialization pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | init container: place-scripts 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-0-nb62r 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-1-z9b7q 2026/05/02 05:59:22 Decoded script /tekton/scripts/script-2-zxhm6 pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-build: [2026-05-02T05:59:25,287927133+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-05-02T05:59:27Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632" time="2026-05-02T05:59:27Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901]" time="2026-05-02T05:59:27Z" level=info msg="[param] buildah-format: docker" time="2026-05-02T05:59:27Z" level=info msg="[param] always-build-index: false" time="2026-05-02T05:59:27Z" level=info msg="[param] additional-tags: [python-component-sukmsc-on-pull-request-g52js-build-image-index]" time="2026-05-02T05:59:27Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-05-02T05:59:27Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-05-02T05:59:27Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632" time="2026-05-02T05:59:27Z" level=info msg="buildah [stdout] b165cdbd5841549a9d616c2cb9c8f17bc5088da3472d2e350f6908037cf0f671" logger=CliExecutor time="2026-05-02T05:59:27Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901","image_url":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632","image_ref":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901","images":"quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901"} pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: python-component-sukmsc-on-94ac859697020ff4181a1de79af46382-pod | container step-upload-sbom: [2026-05-02T05:59:28,533867496+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | init container: prepare 2026/05/02 05:51:53 Entrypoint initialization pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | init container: place-scripts 2026/05/02 05:51:53 Decoded script /tekton/scripts/script-0-dgv45 2026/05/02 05:51:53 Decoded script /tekton/scripts/script-1-c4llc pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701115.8954604,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701116.3408427,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 8db91b08c42f4543dde16ba8ac772c5a35f83632 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701116.340888,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701116.3651013,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 8db91b08c42f4543dde16ba8ac772c5a35f83632 directly. pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-bb34c14ac77aa05141258312a302cdfb-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:1be8c6571584be9aeebd552893a68dbc5fc5bf91179437d45cfc9f406a8e597b) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.QZcEwi/auth-021OzT.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632.git SOURCE_ARTIFACT Uploading 1be8c6571584 SOURCE_ARTIFACT Uploaded 1be8c6571584 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:504da778335f1f8bfdcb4854026c24de604ea3236045198f01a44aa158e400a9 Artifacts created pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | init container: prepare 2026/05/02 05:59:32 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | init container: place-scripts 2026/05/02 05:59:39 Decoded script /tekton/scripts/script-0-ccthk 2026/05/02 05:59:39 Decoded script /tekton/scripts/script-1-7979g pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 error: unable to extract layer sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8 from quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901: unexpected EOF info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory info: Retrying again in 5 seconds... error: directory /work/content/content-amd64 must be empty, pass --confirm to overwrite contents of directory {"result":"ERROR","timestamp":"2026-05-02T06:00:25+00:00","note":"Unexpected error: Script errored at command: return \"${status}\".","namespace":"default","successes":0,"failures":0,"warnings":0} pod: python-component-sukmsc-on-pull-request-g52js-clamav-scan-pod | container step-upload: No files found. Skipping upload. pod: python-component-sukmsc-on-pull-request-g52js-init-pod | init container: prepare 2026/05/02 05:51:48 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-init-pod | container step-init: time="2026-05-02T05:51:50Z" level=info msg="[param] enable: false" time="2026-05-02T05:51:50Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T05:51:50Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T05:51:50Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T05:51:50Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T05:51:50Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T05:51:50Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T05:51:50Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T05:51:50Z" level=info msg="[result] NO PROXY: " pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | init container: prepare 2026/05/02 05:59:47 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | init container: place-scripts 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-0-9gzc2 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-1-brlpt 2026/05/02 05:59:48 Decoded script /tekton/scripts/script-2-q975v pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed { "scanned" : { "total" : 787, "direct" : 363, "transitive" : 424 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { } }, "sources" : { "osv-github" : { "summary" : { "direct" : 24, "transitive" : 6, "total" : 30, "dependencies" : 15, "critical" : 0, "high" : 13, "medium" : 14, "low" : 3, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@53.0.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:pypi/pip@21.3.1", "issues" : [ { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:npm/tar@6.1.11", "issues" : [ { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false }, { "id" : "CVE-2026-24842", "source" : "osv-github", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-24842" ], "unique" : false }, { "id" : "CVE-2026-26960", "source" : "osv-github", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-26960" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false } }, { "ref" : "pkg:npm/ip@2.0.0", "issues" : [ { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@5.1.0", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:pypi/requests@2.25.1", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "osv-github", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "osv-github", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false }, { "id" : "CVE-2026-25645", "title" : "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25645" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:pypi/urllib3@1.26.5", "issues" : [ { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false }, { "id" : "CVE-2023-43804", "source" : "osv-github", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43804" ], "unique" : false }, { "id" : "CVE-2025-50181", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-50181" ], "unique" : false }, { "id" : "CVE-2024-37891", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37891" ], "unique" : false }, { "id" : "CVE-2023-45803", "source" : "osv-github", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45803" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:npm/semver@7.3.7", "issues" : [ { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@3.1.2", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:npm/npm@8.19.3", "issues" : [ { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@1.1.11", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@2.0.1", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } }, { "ref" : "pkg:pypi/pip@21.2.3", "issues" : [ { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2023-5752", "source" : "osv-github", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5752" ], "unique" : false } }, { "ref" : "pkg:npm/%40tootallnate/once@2.0.0", "issues" : [ { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 582, "transitive" : 1173, "total" : 1755, "dependencies" : 209, "critical" : 53, "high" : 717, "medium" : 855, "low" : 130, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-pysocks-1.7.1-12.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch&distro=rhel-9.2&upstream=python-six-1.15.0-9.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=pygobject3-3.40.1-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch&distro=rhel-9.2&upstream=redhat-rpm-config-199-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=apr-util-1.6.1-20.el9_2.1.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.2&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=pixman-0.40.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-38474", "title" : "Apache HTTP Server weakness with encoded question marks in backreferences", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2024-38474" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=scl-utils-2.0.3-4.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64&distro=rhel-9.2&upstream=python-ethtool-0.15-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libcomps-0.1.18-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false }, { "id" : "CVE-2026-0980", "title" : "Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-0980" ], "unique" : false }, { "id" : "CVE-2026-1207", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1207" ], "unique" : false }, { "id" : "CVE-2026-1287", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1287" ], "unique" : false }, { "id" : "CVE-2026-1530", "title" : "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1530" ], "unique" : false }, { "id" : "CVE-2026-1531", "title" : "Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1531" ], "unique" : false }, { "id" : "CVE-2026-1961", "title" : "Forman: foreman: remote code execution via command injection in websocket proxy", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2026-1961" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2025-14550", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-14550" ], "unique" : false }, { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false }, { "id" : "CVE-2026-1285", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1285" ], "unique" : false }, { "id" : "CVE-2025-68121", "title" : "Unexpected session resumption in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2026-4324", "title" : "Rubygem-katello: katello: denial of service and potential information disclosure via sql injection", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4324" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-1312", "source" : "redhat-csaf", "cvssScore" : 8.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1312" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-3899", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-3899" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64&distro=rhel-9.2&upstream=expat-2.5.0-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "title" : "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false }, { "id" : "CVE-2026-41080", "title" : "libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-41080" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libgcrypt-1.10.0-10.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false }, { "id" : "CVE-2026-41990", "title" : "Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-41990" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-decorator-4.4.2-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false }, { "id" : "CVE-2023-2728", "title" : "Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2728" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-requests-2.25.1-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64&distro=rhel-9.2&upstream=systemd-252-13.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=gd-2.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libwebp-1.2.0-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.2&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2026-4775", "title" : "Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processing", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-4775" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2025-61143", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61143" ], "unique" : false }, { "id" : "CVE-2025-61144", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61144" ], "unique" : false }, { "id" : "CVE-2025-61145", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61145" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxslt-1.1.34-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false }, { "id" : "CVE-2025-24855", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24855" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-40403", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40403" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxslt-1.1.34-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false }, { "id" : "CVE-2025-24855", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24855" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-40403", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40403" ], "unique" : false }, { "id" : "CVE-2025-10911", "title" : "Libxslt: use-after-free with key data stored cross-rvt", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10911" ], "unique" : false }, { "id" : "CVE-2025-11731", "title" : "Libxslt: type confusion in exsltfuncresultcompfunction of libxslt", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-11731" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-55549", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-55549" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch&distro=rhel-9.2&upstream=sgml-common-0.6.3-58.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.2&upstream=json-c-0.14-11.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2025-70873", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-70873" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Digest-1.19-4.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-24963", "title" : "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-24963" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false }, { "id" : "CVE-2026-34743", "title" : "XZ Utils: Buffer overflow in lzma_index_append()", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-34743" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=automake-1.16.2-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64&distro=rhel-9.2&upstream=libdb-5.3.28-53.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64&distro=rhel-9.2&upstream=patch-2.7.6-16.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64&distro=rhel-9.2&upstream=wget-1.21.1-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-38428", "title" : "url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38428" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libpsl-0.21.1-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64&distro=rhel-9.2&upstream=libtool-2.4.6-45.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Thread-Queue-3.14-460.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libipt-2.0.4-5.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=e2fsprogs-1.46.5-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64&distro=rhel-9.2&upstream=ding-libs-0.6.1-53.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64&distro=rhel-9.2&upstream=boost-1.75.0-8.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch&distro=rhel-9.2&upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libtalloc-2.3.4-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64&distro=rhel-9.2&upstream=m4-1.4.19-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64&distro=rhel-9.2&upstream=source-highlight-3.1.9-11.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch&distro=rhel-9.2&upstream=rootfiles-8.1-31.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64&distro=rhel-9.2&upstream=hostname-3.23-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=enchant-1.6.0-30.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2025-70873", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2025-70873" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch&distro=rhel-9.2&upstream=autoconf-2.69-38.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=emacs-27.2-8.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false }, { "id" : "CVE-2024-30205", "title" : "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-30205" ], "unique" : false }, { "id" : "CVE-2024-39331", "title" : "In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-39331" ], "unique" : false }, { "id" : "CVE-2024-53920", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-53920" ], "unique" : false }, { "id" : "CVE-2024-30203", "title" : "In Emacs before 29.3, Gnus treats inline MIME contents as trusted.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30203" ], "unique" : false }, { "id" : "CVE-2024-30204", "title" : "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-30204" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-1244", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-1244" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64&distro=rhel-9.2&upstream=keyutils-1.6.3-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64&distro=rhel-9.2&upstream=babeltrace-1.5.8-10.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-31486", "title" : "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-31486" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false }, { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-56406", "title" : "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-56406" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-constant-1.33-461.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false }, { "id" : "CVE-2025-40909", "title" : "Perl threads have a working directory race condition where file operations may target unintended paths", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-40909" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-47038", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-47038" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=perl-Storable-3.21-460.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-20230", "title" : "Storable versions before 3.05 for Perl has a stack overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2017-20230" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64&distro=rhel-9.2&upstream=llvm-15.0.7-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=tar-1.34-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-45582", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-45582" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64&distro=rhel-9.2&upstream=annobin-11.05-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 1884k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1884k 0 0 100 1884k 0 852k 0:00:02 0:00:02 --:--:-- 852k 100 1899k 0 15645 100 1884k 6775 815k 0:00:02 0:00:02 --:--:-- 822k 100 3768k 0 1884k 100 1884k 571k 571k 0:00:03 0:00:03 --:--:-- 1142k 100 10.5M 0 8914k 100 1884k 2243k 474k 0:00:03 0:00:03 --:--:-- 2717k "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-34982", "title" : "Vim modeline bypass via various options affects Vim < 9.2.0276", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-34982" ], "unique" : false }, { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } } ] } } } }, "licenses" : [ { "status" : { "ok" : true, "name" : "deps.dev", "code" : 200, "message" : "OK", "warnings" : { } }, "summary" : { "total" : 109, "concluded" : 402, "permissive" : 103, "weakCopyleft" : 0, "strongCopyleft" : 1, "unknown" : 5, "deprecated" : 1, "osiApproved" : 104, "fsfLibre" : 105 }, "packages" : { "pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/hostname@3.23-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi-devel@3.4.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libffi-3.4.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/just-diff@5.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/langpacks-core-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/delegates@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/isexe@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/tiny-relative-date@1.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/m4@1.4.19-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.2&upstream=bzip2-1.0.8-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch&distro=rhel-9.2&upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-cmd-shim@3.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/util-deprecate@1.0.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsemanage@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsemanage-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ed@1.14.2-12.el9?arch=x86_64&distro=rhel-9.2&upstream=ed-1.14.2-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/qt5-srpm-macros@5.15.3-1.el9?arch=noarch&distro=rhel-9.2&upstream=qt5-5.15.3-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Temp@0.231.100-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/graphite2-devel@1.3.14-9.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-utf32@8.44-3.el9.3" : { "evidence" : [ ] }, "pkg:pypi/pysocks@1.7.1" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/blinker@1.9.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/rpm@4.16.1.3" : { "evidence" : [ ] }, "pkg:rpm/redhat/fonts-filesystem@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/builtins@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Carp@1.50-460.el9" : { "evidence" : [ ] }, "pkg:pypi/libcomps@0.1.18" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-stat@1.09-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO@1.43-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/jbigkit-libs@2.1-23.el9?arch=x86_64&distro=rhel-9.2&upstream=jbigkit-2.1-23.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/query@1.2.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/crypto-policies@20221215-1.git9a18988.el9?arch=noarch&distro=rhel-9.2&upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=harfbuzz-2.7.4-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-idna@2.10-7.el9?arch=noarch&distro=rhel-9.2&upstream=python-idna-2.10-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-devel@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lua-libs@5.4.4-3.el9?arch=x86_64&distro=rhel-9.2&upstream=lua-5.4.4-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/markupsafe@3.0.3" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libacl@2.3.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=acl-2.3.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:oci/python-component-sukmsc@sha256%3Ab4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901" : { "evidence" : [ ] }, "pkg:rpm/redhat/gd@2.3.2-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/readline@8.1-4.el9?arch=x86_64&distro=rhel-9.2&upstream=readline-8.1-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/autoconf@2.69-38.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libattr@2.5.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=attr-2.5.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pkgconf-m4@1.7.3-10.el9?arch=noarch&distro=rhel-9.2&upstream=pkgconf-1.7.3-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/set-blocking@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsepol-devel@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsepol-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdnf@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64&distro=rhel-9.2&upstream=llvm-15.0.7-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcb@1.13.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcb-1.13.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lsof@4.94.0-3.el9" : { "evidence" : [ ] }, "pkg:npm/unique-filename@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64&distro=rhel-9.2&upstream=util-linux-2.37.4-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cracklib-dicts@2.9.6-27.el9?arch=x86_64&distro=rhel-9.2&upstream=cracklib-2.9.6-27.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl@2.1.27-21.el9?arch=x86_64&distro=rhel-9.2&upstream=cyrus-sasl-2.1.27-21.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch&distro=rhel-9.2&upstream=python-pip-21.2.3-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tcl@8.6.10-7.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=tcl-8.6.10-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/jinja2@3.1.6" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXau-devel@1.0.9-8.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/groff-base@1.22.4-10.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/importlib-metadata@8.7.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-PathTools@3.78-461.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-PathTools-3.78-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/debuglog@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/bin-links@3.0.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/json-glib@1.6.6-1.el9?arch=x86_64&distro=rhel-9.2&upstream=json-glib-1.6.6-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2" : { "evidence" : [ ] }, "pkg:npm/emoji-regex@8.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mariadb-connector-c-config@3.2.6-1.el9_0" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libtasn1-4.16.0-8.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/acl@2.3.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=acl-2.3.1-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librepo@1.14.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=librepo-1.14.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libreport-filesystem@2.15.2-6.el9?arch=noarch&distro=rhel-9.2&upstream=libreport-2.15.2-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/promise-call-limit@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmpack@4.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libksba@1.5.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libksba-1.5.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap-ng@0.8.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-ng-0.8.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXau@1.0.9-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libXau-1.0.9-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf-data@4.14.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-4.14.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/info@6.7-15.el9?arch=x86_64&distro=rhel-9.2&upstream=texinfo-6.7-15.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=apr-1.7.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/scl-utils@2.0.3-4.el9" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/git@3.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/pcre@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dejavu-sans-fonts@2.37-18.el9?arch=noarch&distro=rhel-9.2&upstream=dejavu-fonts-2.37-18.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libtiff-4.4.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Scalar-List-Utils@1.56-461.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-Scalar-List-Utils-1.56-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/safe-buffer@5.2.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/grep@3.6-5.el9?arch=x86_64&distro=rhel-9.2&upstream=grep-3.6-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/findutils@4.8.0-5.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.2&upstream=tpm2-tss-3.0.3-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/pyinotify@0.9.6" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.2" : { "evidence" : [ ] }, "pkg:pypi/itsdangerous@2.2.0" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/boost-regex@1.75.0-8.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64&distro=rhel-9.2&upstream=openssh-8.7p1-29.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libzstd@1.5.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=zstd-1.5.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Encode@3.08-462.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-Encode-3.08-462.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Term-Cap@1.17-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Term-Cap-1.17-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/popt@1.18-8.el9?arch=x86_64&distro=rhel-9.2&upstream=popt-1.18-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/readable-stream@3.6.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64&distro=rhel-9.2&upstream=gdb-10.2-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libunistring@0.9.10-15.el9?arch=x86_64&distro=rhel-9.2&upstream=libunistring-0.9.10-15.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/text-table@0.2.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64&distro=rhel-9.2&upstream=file-5.39-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/langpacks-core-font-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64&distro=rhel-9.2&upstream=libdnf-0.69.0-3.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/map-workspaces@2.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libpwquality@1.4.4-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libpwquality-1.4.4-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gobject-base-noarch@3.40.1-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/zip@3.0-35.el9?arch=x86_64&distro=rhel-9.2&upstream=zip-3.0-35.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/wcwidth@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Thread-Queue-3.14-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpgme@1.15.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gpgme-1.15.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ms@2.1.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/path-is-absolute@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/glib2-devel@2.68.4-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/pyproject-srpm-macros@1.6.2-1.el9?arch=noarch&distro=rhel-9.2&upstream=pyproject-rpm-macros-1.6.2-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Digest-1.19-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64&distro=rhel-9.2&upstream=glib2-2.68.4-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/requests@2.25.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libsigsegv@2.13-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libsigsegv-2.13-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/zlib@1.2.11-39.el9?arch=x86_64&distro=rhel-9.2&upstream=zlib-1.2.11-39.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-package-json@5.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/redhat-release@9.2-0.13.el9?arch=x86_64&distro=rhel-9.2&upstream=redhat-release-9.2-0.13.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64&distro=rhel-9.2&epoch=4&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch&distro=rhel-9.2&upstream=rootfiles-8.1-31.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi@3.4.2-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libffi-3.4.2-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-dbus@1.2.18-2.el9?arch=x86_64&distro=rhel-9.2&upstream=dbus-python-1.2.18-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Errno@1.30-480.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libassuan@2.5.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libassuan-2.5.5-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/alternatives@1.20-2.el9?arch=x86_64&distro=rhel-9.2&upstream=chkconfig-1.20-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gettext@0.21-7.el9?arch=x86_64&distro=rhel-9.2&upstream=gettext-0.21-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ip@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/validate-npm-package-license@3.0.4" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/rimraf@3.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40tootallnate/once@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/yallist@4.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/cmake@3.20.2-8.el9?arch=x86_64&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpath_utils@0.2.1-53.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=nodejs-16.19.1-1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/package-json@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libidn2@2.3.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libidn2-2.3.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read@1.0.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64&distro=rhel-9.2&upstream=annobin-11.05-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64&distro=rhel-9.2&upstream=patch-2.7.6-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ignore-walk@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/npth@1.6-8.el9?arch=x86_64&distro=rhel-9.2&upstream=npth-1.6-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmpublish@6.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/safer-buffer@2.1.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mpfr@4.1.0-7.el9?arch=x86_64&distro=rhel-9.2&upstream=mpfr-4.1.0-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Find@1.37-480.el9" : { "evidence" : [ ] }, "pkg:npm/npm-install-checks@5.0.0" : { "concluded" : { "identifiers" : [ { "id" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-2-Clause", "name" : "BSD 2-Clause \"Simplified\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9" : { "evidence" : [ ] }, "pkg:npm/fs-minipass@2.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64&distro=rhel-9.2&upstream=usermode-1.114-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/elfutils-libelf@0.188-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64&distro=rhel-9.2&epoch=2&upstream=shadow-utils-4.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/ip-regex@4.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/archy@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64&distro=rhel-9.2&upstream=json-c-0.14-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/git@2.39.3-1.el9_2" : { "evidence" : [ ] }, "pkg:npm/spdx-correct@3.1.1" : { "concluded" : { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "Apache-2.0", "name" : "Apache License 2.0", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "Apache-2.0", "name" : "Apache License 2.0", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libtalloc@2.3.4-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=openldap-2.6.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/lz4-libs@1.9.3-5.el9?arch=x86_64&distro=rhel-9.2&upstream=lz4-1.9.3-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libyaml@0.2.5-7.el9?arch=x86_64&distro=rhel-9.2&upstream=libyaml-0.2.5-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-chardet@4.0.0-5.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch&distro=rhel-9.2&upstream=sgml-common-0.6.3-58.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libpsl-0.21.1-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/opener@1.5.2" : { "concluded" : { "identifiers" : [ { "id" : "WTFPL", "name" : "Do What The F*ck You Want To Public License", "isDeprecated" : false, "isOsiApproved" : false, "isFsfLibre" : true, "category" : "UNKNOWN" }, { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "(WTFPL OR MIT)", "name" : "Do What The F*ck You Want To Public License OR MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "WTFPL", "name" : "Do What The F*ck You Want To Public License", "isDeprecated" : false, "isOsiApproved" : false, "isFsfLibre" : true, "category" : "UNKNOWN" }, { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "(WTFPL OR MIT)", "name" : "Do What The F*ck You Want To Public License OR MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/npm-bundled@1.1.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libarchive-3.5.3-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch&distro=rhel-9.2&upstream=cmake-3.20.2-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/six@1.15.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.2&upstream=nghttp2-1.43.0-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-setuptools-53.0.0-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2" : { "evidence" : [ ] }, "pkg:npm/minimatch@5.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libverto@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Net-SSLeay@1.92-2.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-Net-SSLeay-1.92-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/spdx-expression-parse@3.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2" : { "evidence" : [ ] }, "pkg:npm/string-width@4.2.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/werkzeug@3.1.8" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64&distro=rhel-9.2&upstream=nss_wrapper-1.1.13-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/socks-proxy-agent@7.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libfdisk@2.37.4-10.el9" : { "evidence" : [ ] }, "pkg:npm/semver@7.3.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libselinux@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libselinux-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Data-Dumper@2.174-462.el9?arch=x86_64&distro=rhel-9.2&upstream=perl-Data-Dumper-2.174-462.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/string_decoder@1.3.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libxcrypt@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/diff@5.1.0" : { "concluded" : { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "BSD-3-Clause", "name" : "BSD 3-Clause \"New\" or \"Revised\" License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/langpacks-en@3.0-16.el9?arch=noarch&distro=rhel-9.2&upstream=langpacks-3.0-16.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:npm/columnify@1.6.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/npm-packlist@5.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-6.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.2&upstream=xz-5.2.5-8.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/ci-detect@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64&distro=rhel-9.2&upstream=procps-ng-3.3.17-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libverto-0.3.2-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/nopt@5.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/fonts-srpm-macros@2.0.5-7.el9.1?arch=noarch&distro=rhel-9.2&epoch=1&upstream=fonts-rpm-macros-2.0.5-7.el9.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libevent@2.1.12-6.el9?arch=x86_64&distro=rhel-9.2&upstream=libevent-2.1.12-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sed@4.8-9.el9?arch=x86_64&distro=rhel-9.2&upstream=sed-4.8-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/setup@2.13.7-9.el9?arch=noarch&distro=rhel-9.2&upstream=setup-2.13.7-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/jsonparse@1.3.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch&distro=rhel-9.2&upstream=python-pysocks-1.7.1-12.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=pygobject3-3.40.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64&distro=rhel-9.2&upstream=gcc-11.3.1-4.3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.2&upstream=ncurses-6.2-8.20210508.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64&distro=rhel-9.2&upstream=rpm-4.16.1.3-22.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gzip@1.12-1.el9?arch=x86_64&distro=rhel-9.2&upstream=gzip-1.12-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2@10.40-2.el9?arch=x86_64&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/minipass-fetch@2.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/ssri@9.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libmodulemd@2.13.0-2.el9?arch=x86_64&distro=rhel-9.2&upstream=libmodulemd-2.13.0-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Getopt-Long@2.52-4.el9?arch=noarch&distro=rhel-9.2&epoch=1&upstream=perl-Getopt-Long-2.52-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/iconv-lite@0.6.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/mailcap@2.1.49-5.el9?arch=noarch&distro=rhel-9.2&upstream=mailcap-2.1.49-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/fastest-levenshtein@1.0.12" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/krb5-libs@1.20.1-8.el9" : { "evidence" : [ ] }, "pkg:npm/npm-audit-report@3.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/negotiator@0.6.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/basesystem@11-13.el9?arch=noarch&distro=rhel-9.2&upstream=basesystem-11-13.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gawk-5.1.0-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Term-ANSIColor@5.01-461.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Term-ANSIColor-5.01-461.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/concat-map@0.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/publicsuffix-list-dafsa@20210518-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-librepo@1.14.5-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/systemd-pam@252-13.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2-syntax@10.40-2.el9?arch=noarch&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-srpm-macros@1-41.el9?arch=noarch&distro=rhel-9.2&upstream=perl-srpm-macros-1-41.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch&distro=rhel-9.2&upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64&distro=rhel-9.2&upstream=httpd-2.4.53-11.el9_2.5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/which@2.21-28.el9?arch=x86_64&distro=rhel-9.2&upstream=which-2.21-28.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsepol@3.5-1.el9?arch=x86_64&distro=rhel-9.2&upstream=libsepol-3.5-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/npm-normalize-package-bin@1.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/hunspell-filesystem@1.7.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=hunspell-1.7.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64&distro=rhel-9.2&upstream=libtool-2.4.6-45.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64&distro=rhel-9.2&upstream=libgpg-error-1.42-5.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/libnpmhook@8.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40npmcli/metavuln-calculator@3.1.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=apr-util-1.6.1-20.el9_2.1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/%40colors/colors@1.5.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/color-support@1.1.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/imurmurhash@0.1.4" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:npm/treeverse@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/audit-libs@3.0.7-103.el9?arch=x86_64&distro=rhel-9.2&upstream=audit-3.0.7-103.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsolv@0.7.22-4.el9?arch=x86_64&distro=rhel-9.2&upstream=libsolv-0.7.22-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/read-package-json-fast@2.0.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/which@2.0.2" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/readdir-scoped-modules@1.1.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/balanced-match@1.0.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/cli-table3@0.6.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/gobject-introspection@1.68.0-11.el9?arch=x86_64&distro=rhel-9.2&upstream=gobject-introspection-1.68.0-11.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2" : { "evidence" : [ ] }, "pkg:rpm/redhat/gd-devel@2.3.2-3.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch&distro=rhel-9.2&upstream=hunspell-en-0.20140811.1-20.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Digest-MD5@2.58-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-libnet@3.13-4.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64&distro=rhel-9.2&upstream=binutils-2.35.2-37.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1" : { "evidence" : [ ] }, "pkg:npm/inflight@1.0.6" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ghc-srpm-macros@1.5.0-6.el9" : { "evidence" : [ ] }, "pkg:npm/abbrev@1.1.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.2&upstream=brotli-1.0.9-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit-trust@0.24.1-2.el9?arch=x86_64&distro=rhel-9.2&upstream=p11-kit-0.24.1-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1" : { "evidence" : [ ] }, "pkg:rpm/redhat/bsdtar@3.5.3-4.el9" : { "evidence" : [ ] }, "pkg:npm/ansi-regex@5.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libuv@1.42.0-1.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=libuv-1.42.0-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/signal-exit@3.0.7" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/python3@3.9.16-1.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/kmod-libs@28-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/python-srpm-macros@3.9-52.el9?arch=noarch&distro=rhel-9.2&upstream=python-rpm-macros-3.9-52.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch&distro=rhel-9.2&upstream=redhat-rpm-config-199-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/atlas@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.2&upstream=freetype-2.10.4-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch&distro=rhel-9.2&upstream=python-six-1.15.0-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1" : { "evidence" : [ ] }, "pkg:npm/%40npmcli/move-file@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch&distro=rhel-9.2&upstream=go-rpm-macros-3.2.0-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/json-parse-even-better-errors@2.3.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/minipass-flush@1.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/debug@4.3.4" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/%40npmcli/node-gyp@2.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libcom_err@1.46.5-3.el9?arch=x86_64&distro=rhel-9.2&upstream=e2fsprogs-1.46.5-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/environment-modules@5.0.1-2.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch&distro=rhel-9.2&upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:npm/has-unicode@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/agentkeepalive@4.2.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/defaults@1.0.3" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/dmidecode@3.3-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/glob@7.2.3" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/ocaml-srpm-macros@6-6.el9?arch=noarch&distro=rhel-9.2&upstream=ocaml-srpm-macros-6-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcrypt-devel@4.4.18-3.el9?arch=x86_64&distro=rhel-9.2&upstream=libxcrypt-4.4.18-3.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64&distro=rhel-9.2&upstream=atlas-3.10.3-17.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.2&upstream=less-590-1.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Fcntl@1.13-480.el9" : { "evidence" : [ ] }, "pkg:npm/fs.realpath@1.0.0" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/keyutils-libs@1.6.3-1.el9?arch=x86_64&distro=rhel-9.2&upstream=keyutils-1.6.3-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-gpg@1.15.1-6.el9?arch=x86_64&distro=rhel-9.2&upstream=gpgme-1.15.1-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pkgconf@1.7.3-10.el9?arch=x86_64&distro=rhel-9.2&upstream=pkgconf-1.7.3-10.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libedit@3.1-37.20210216cvs.el9?arch=x86_64&distro=rhel-9.2&upstream=libedit-3.1-37.20210216cvs.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/p-map@4.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/ethtool@0.15" : { "concluded" : { "identifiers" : [ { "id" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "isDeprecated" : true, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "STRONG_COPYLEFT" } ], "expression" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "category" : "STRONG_COPYLEFT", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "isDeprecated" : true, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "STRONG_COPYLEFT" } ], "expression" : "GPL-2.0", "name" : "GNU General Public License v2.0 only", "category" : "STRONG_COPYLEFT", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/inherits@2.0.4" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/promise-retry@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.2&upstream=icu-67.1-9.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/minizlib@2.1.2" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64&distro=rhel-9.2&upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/filesystem@3.16-2.el9?arch=x86_64&distro=rhel-9.2&upstream=filesystem-3.16-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9" : { "evidence" : [ ] }, "pkg:npm/libnpmfund@3.0.5" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/function-bind@1.1.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/subscription-manager-rhsm-certificates@20220623-1.el9?arch=noarch&distro=rhel-9.2&upstream=subscription-manager-rhsm-certificates-20220623-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/brace-expansion@1.1.11" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/pcre2-utf32@10.40-2.el9?arch=x86_64&distro=rhel-9.2&upstream=pcre2-10.40-2.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64&distro=rhel-9.2&upstream=pcre-8.44-3.el9.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bash@5.1.8-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=bash-5.1.8-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/setuptools@53.0.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/systemd-libs@252-13.el9_2" : { "evidence" : [ ] }, "pkg:pypi/subscription-manager@1.29.33.1" : { "evidence" : [ ] }, "pkg:rpm/redhat/coreutils-single@8.32-34.el9?arch=x86_64&distro=rhel-9.2&upstream=coreutils-8.32-34.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch&distro=rhel-9.2&epoch=0&upstream=perl-5.32.1-480.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librhsm@0.0.3-7.el9?arch=x86_64&distro=rhel-9.2&upstream=librhsm-0.0.3-7.el9.src.rpm" : { "evidence" : [ ] }, "pkg:npm/strip-ansi@6.0.1" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/perl-Text-Tabs%2BWrap@2013.0523-460.el9?arch=noarch&distro=rhel-9.2&upstream=perl-Text-Tabs%2BWrap-2013.0523-460.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-systemd@234-18.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.2&upstream=sqlite-3.34.1-6.el9_1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64&distro=rhel-9.2&upstream=python3.9-3.9.16-1.el9.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/idna@2.10" : { "concluded" : { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN" } ], "expression" : "non-standard", "name" : "non-standard", "category" : "UNKNOWN", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:npm/proc-log@2.0.1" : { "concluded" : { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "ISC", "name" : "ISC License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "ISC", "name" : "ISC License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:pypi/gpg@1.15.1" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.2&upstream=libcap-2.48-8.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm-libs@1.19-4.el9?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=gdbm-1.19-4.el9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmount@2.37.4-10.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9" : { "evidence" : [ ] }, "pkg:rpm/redhat/nettle@3.8-3.el9_0?arch=x86_64&distro=rhel-9.2&upstream=nettle-3.8-3.el9_0.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm" : { "evidence" : [ ] } } } ] } pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901 tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: python-component-sukmsc-on-pull-request-g52js-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found 14 critical vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12084), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2023-38408), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2024-32002), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-39332), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2024-3596), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2024-3596), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-39332), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-39332), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libwebp-devel@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38408), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32002), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/libwebp@1.2.0-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libwebp-1.2.0-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4863), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-37920), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796)", "name": "rhtpa_critical_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 14 } }, { "msg": "Found 266 high vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:pypi/setuptools@53.0.0 [direct] (CVE-2024-6345, CVE-2022-40897), pkg:npm/tar@6.1.11 [direct] (CVE-2026-23950, CVE-2026-24842, CVE-2026-26960), pkg:npm/ip@2.0.0 [direct] (CVE-2024-29415), pkg:npm/minimatch@5.1.0 [direct] (CVE-2026-27903, CVE-2026-27904), pkg:npm/semver@7.3.7 [direct] (CVE-2022-25883), pkg:npm/minimatch@3.1.2 [direct] (CVE-2026-27903, CVE-2026-27904), pkg:npm/npm@8.19.3 [direct] (CVE-2026-0775), pkg:pypi/urllib3@1.26.5 [transitive via pkg:pypi/requests@2.25.1] (CVE-2026-21441); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12085), pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm [direct] (CVE-2023-43622, CVE-2023-45802, CVE-2024-27316, CVE-2025-49630), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [direct] (CVE-2025-27363), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [direct] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [direct] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2024-6409), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [direct] (CVE-2023-2953), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm [direct] (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [direct] (CVE-2025-1094, CVE-2025-12818), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [direct] (CVE-2023-3899), pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [direct] (CVE-2024-55549, CVE-2025-24855, CVE-2025-7425, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [direct] (CVE-2025-5222), pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [direct] (CVE-2023-47038), pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [direct] (CVE-2025-31115), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [direct] (CVE-2023-30630), pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [direct] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libuv@1.42.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=libuv-1.42.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-24806), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=go-rpm-macros-3.2.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-61726, CVE-2026-25679), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pixman-0.40.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-44638), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2025-23083, CVE-2025-6965, CVE-2022-25881, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2022-35255, CVE-2023-32002, CVE-2024-21892, CVE-2024-21896, CVE-2025-23083, CVE-2025-6965, CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-38552, CVE-2023-39331, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2024-22017, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-32006, CVE-2022-4904, CVE-2023-32002, CVE-2025-23083, CVE-2025-6965, CVE-2022-25881, CVE-2023-24807, CVE-2023-30581, CVE-2023-30590, CVE-2023-32067, CVE-2023-32559, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23166, CVE-2025-59465, CVE-2026-1526, CVE-2026-1528, CVE-2026-21710, CVE-2026-2229, CVE-2026-27135, CVE-2025-3277, CVE-2026-1525, CVE-2025-55130, CVE-2025-55131, CVE-2023-30589, CVE-2025-31498), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2023-51767, CVE-2024-6409), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-34982, CVE-2026-25749, CVE-2026-33412, CVE-2023-4752), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libjpeg-turbo-devel@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pixman-0.40.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-44638), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2024-6409), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3497, CVE-2024-6387, CVE-2026-35385, CVE-2023-51767, CVE-2024-6409), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-48385, CVE-2024-32004, CVE-2025-48384, CVE-2024-52005, CVE-2024-32465), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=less-590-1.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32487, CVE-2022-46663, CVE-2022-48624), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-lib@0.65-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44466, CVE-2024-5154, CVE-2025-21927, CVE-2023-1652, CVE-2023-52922, CVE-2024-36971, CVE-2025-21756, CVE-2025-22020, CVE-2025-38052, CVE-2025-38087, CVE-2022-41723, CVE-2025-38471, CVE-2024-42284, CVE-2024-53104, CVE-2025-37750, CVE-2025-38250, CVE-2022-49846, CVE-2023-52933, CVE-2023-53751, CVE-2023-6606, CVE-2023-6610, CVE-2024-35937, CVE-2024-38538, CVE-2024-53150, CVE-2024-57947, CVE-2025-21887, CVE-2025-21893, CVE-2025-21920, CVE-2025-21969, CVE-2025-21979, CVE-2025-21993, CVE-2025-21997, CVE-2025-22026, CVE-2025-22055, CVE-2025-22058, CVE-2025-22104, CVE-2025-22113, CVE-2025-22121, CVE-2025-37738, CVE-2025-37799, CVE-2025-38264, CVE-2022-49977, CVE-2022-50066, CVE-2023-53047, CVE-2023-53107, CVE-2023-6932, CVE-2024-0646, CVE-2024-46858, CVE-2024-50154, CVE-2024-53141, CVE-2025-21727, CVE-2025-21764, CVE-2025-21867, CVE-2025-21919, CVE-2025-21926, CVE-2025-21966, CVE-2025-22004, CVE-2025-22126, CVE-2025-37797, CVE-2025-37803, CVE-2025-37890, CVE-2025-37914, CVE-2025-37943, CVE-2025-38079, CVE-2025-38086, CVE-2025-38124, CVE-2025-38177, CVE-2025-38200, CVE-2025-38332), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-27522, CVE-2023-31122, CVE-2024-38477, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812, CVE-2025-59775, CVE-2024-39573, CVE-2025-58098), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libpq@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-1094, CVE-2025-12818), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-5363, CVE-2026-28390, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39975, CVE-2024-26462, CVE-2024-37370), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-40217, CVE-2026-6100, CVE-2023-6597, CVE-2024-12718, CVE-2025-4517, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519, CVE-2026-4786), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-1312, CVE-2026-0980, CVE-2026-1207, CVE-2026-1287, CVE-2026-1530, CVE-2026-1531, CVE-2026-1961, CVE-2021-46877, CVE-2025-14550, CVE-2025-6176, CVE-2026-1285, CVE-2025-68121), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-38545, CVE-2024-2398), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6020, CVE-2025-8941, CVE-2024-10963), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-29111), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/python3-cloud-what@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-3899), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41989), pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-30630), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=graphite2-1.3.14-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2017-5436), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-9900, CVE-2025-8176, CVE-2026-4775, CVE-2017-17095, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-27363), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-33636, CVE-2026-33416, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-25646), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=brotli-1.0.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-25193), pkg:rpm/redhat/libjpeg-turbo@2.0.90-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libjpeg-turbo-2.0.90-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2021-29390), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2024-55549, CVE-2025-24855, CVE-2025-7425, CVE-2025-7424), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-56171, CVE-2025-24928, CVE-2025-7425, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43787, CVE-2023-3138), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2025-5222), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-1244, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-31115), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-0553, CVE-2024-0567), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-31486, CVE-2023-47038), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2024-56406, CVE-2023-47038), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-47038), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-29491, CVE-2025-69720)", "name": "rhtpa_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 266 } }, { "msg": "Found 372 medium vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:npm/tar@6.1.11 [direct] (CVE-2024-28863), pkg:pypi/requests@2.25.1 [direct] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081, CVE-2026-25645), pkg:npm/brace-expansion@1.1.11 [direct] (CVE-2026-33750), pkg:npm/brace-expansion@2.0.1 [direct] (CVE-2026-33750), pkg:pypi/idna@2.10 [direct] (CVE-2024-3651), pkg:pypi/pip@21.2.3 [direct] (CVE-2023-5752), pkg:pypi/pip@21.3.1 [transitive via pkg:pypi/setuptools@53.0.0] (CVE-2023-5752), pkg:pypi/urllib3@1.26.5 [transitive via pkg:pypi/requests@2.25.1] (CVE-2023-43804, CVE-2025-50181, CVE-2024-37891, CVE-2023-45803), pkg:pypi/idna@2.10 [transitive via pkg:pypi/requests@2.25.1] (CVE-2024-3651); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [direct] (CVE-2023-34969), pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm [direct] (CVE-2024-12087, CVE-2024-12088, CVE-2024-12086, CVE-2024-12747, CVE-2025-10158), pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [direct] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [direct] (CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2025-55132, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm [direct] (CVE-2023-2727, CVE-2023-2728), pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [direct] (CVE-2007-4559), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2025-55132, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm [direct] (CVE-2024-7143, CVE-2023-43804, CVE-2024-37891, CVE-2023-45803), pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [direct] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [direct] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576, CVE-2026-40355, CVE-2026-40356), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [direct] (CVE-2023-40403), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [direct] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [direct] (CVE-2023-4641), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [direct] (CVE-2022-24963), pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [direct] (CVE-2020-11023), pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm [direct] (CVE-2026-34743), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [direct] (CVE-2022-48554), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm [direct] (CVE-2024-38428), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [direct] (CVE-2019-12900), pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [direct] (CVE-2025-40909), pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [direct] (CVE-2021-3826), pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [direct] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm [direct] (CVE-2025-45582), pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [direct] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [direct] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/go-srpm-macros@3.2.0-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=go-rpm-macros-3.2.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-47906), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/qt5-srpm-macros@5.15.3-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=qt5-5.15.3-1.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-32573, CVE-2023-33285, CVE-2023-34410), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-AutoLoader@5.74-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/expat-devel@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2023-29499, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-22801, CVE-2026-22695), pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2023-23936, CVE-2024-22025, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2024-21891, CVE-2022-35256, CVE-2023-23936, CVE-2024-22020, CVE-2024-22025, CVE-2024-28863, CVE-2025-23167, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2023-46809, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2023-39333, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-21890, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-22150, CVE-2023-23936, CVE-2024-22025, CVE-2026-1527, CVE-2026-21712, CVE-2026-25547, CVE-2026-26996, CVE-2026-27904, CVE-2024-27982, CVE-2023-31147, CVE-2025-59466, CVE-2026-21637, CVE-2026-21713, CVE-2026-21717, CVE-2026-2581, CVE-2023-31130, CVE-2023-30588, CVE-2024-28182, CVE-2025-23085, CVE-2026-21714, CVE-2026-21711, CVE-2024-25629, CVE-2023-23920), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-3903, CVE-2026-28421, CVE-2026-28417, CVE-2025-53905, CVE-2025-53906), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-requests-2.25.1-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2023-29499, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2026-22695), pkg:rpm/redhat/libmount-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid-devel@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2025-61984, CVE-2025-61985, CVE-2026-35414, CVE-2025-32728), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-27614, CVE-2024-52006, CVE-2025-27613), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-lib@0.65-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-devel@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50616, CVE-2024-56614, CVE-2024-56615, CVE-2025-21883, CVE-2025-21928, CVE-2025-21929, CVE-2025-21991, CVE-2025-22085, CVE-2021-47383, CVE-2025-21759, CVE-2023-28746, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-21823, CVE-2025-21999, CVE-2025-38350, CVE-2024-46695, CVE-2024-50275, CVE-2024-42292, CVE-2024-50302, CVE-2022-49395, CVE-2023-5090, CVE-2024-26664, CVE-2024-50264, CVE-2025-38110, CVE-2024-53122, CVE-2024-53197, CVE-2024-36941, CVE-2024-38627, CVE-2022-50042, CVE-2023-1074, CVE-2023-45862, CVE-2023-52490, CVE-2023-52658, CVE-2023-53597, CVE-2023-53704, CVE-2023-54004, CVE-2023-54093, CVE-2023-54271, CVE-2023-7192, CVE-2024-0443, CVE-2024-26615, CVE-2024-26878, CVE-2024-27046, CVE-2024-27052, CVE-2024-35789, CVE-2024-35852, CVE-2024-35890, CVE-2024-35907, CVE-2024-35952, CVE-2024-35989, CVE-2024-39483, CVE-2024-40959, CVE-2024-41035, CVE-2024-41064, CVE-2024-42079, CVE-2024-42272, CVE-2024-42283, CVE-2024-42322, CVE-2024-43854, CVE-2024-44990, CVE-2024-44994, CVE-2024-45018, CVE-2024-46713, CVE-2024-46824, CVE-2024-49949, CVE-2024-50208, CVE-2024-50251, CVE-2024-50252, CVE-2024-53113, CVE-2025-21669, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-37785, CVE-2025-38234, CVE-2023-52448, CVE-2023-53755, CVE-2024-47745, CVE-2024-53088, CVE-2025-21961, CVE-2025-22036, CVE-2025-38417, CVE-2023-52771, CVE-2023-52864, CVE-2024-26855, CVE-2024-35845, CVE-2024-36922, CVE-2024-38555, CVE-2024-38556, CVE-2024-43855, CVE-2024-46826, CVE-2024-26897, CVE-2024-38586), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/cpp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/gcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11082, CVE-2025-11083, CVE-2025-5244), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-4285, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-11413, CVE-2025-5244), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-3826), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/python3-idna@2.10-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-idna-2.10-7.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-3651), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/httpd-core@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/httpd-tools@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/httpd-filesystem@2.4.53-11.el9_2.5?arch=noarch\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-38709, CVE-2025-65082, CVE-2025-66200, CVE-2024-38473, CVE-2024-24795), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2025-9231, CVE-2026-22796, CVE-2026-28388, CVE-2026-28389, CVE-2026-31790, CVE-2026-31789, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2025-68160, CVE-2026-28386, CVE-2025-69418), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2026-5713, CVE-2025-13837, CVE-2026-4224, CVE-2007-4559, CVE-2026-3644, CVE-2023-27043, CVE-2024-8088, CVE-2025-12781, CVE-2026-3446, CVE-2024-0397, CVE-2024-7592, CVE-2025-15282, CVE-2025-11468, CVE-2026-0865, CVE-2026-1502, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/python3-libcomps@0.1.18-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcomps-0.1.18-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28863, CVE-2026-4324), pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnupg2-2.3.3-2.el9_0.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-68972), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2023-46218, CVE-2025-9086, CVE-2023-27533), pkg:rpm/redhat/pam@1.5.1-14.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pam-1.5.1-14.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-22365, CVE-2024-10041), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-40224, CVE-2026-4105, CVE-2026-40225, CVE-2026-40226, CVE-2023-7008, CVE-2026-40227, CVE-2025-4598, CVE-2026-40223), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nghttp2-1.43.0-5.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libeconf-0.4.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22652), pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm-build-libs@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.16.1.3-22.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rpm-4.16.1.3-22.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2727, CVE-2023-2728), pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=tpm2-tss-3.0.3-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-22745), pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=gmp-6.2.0-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-34969), pkg:rpm/redhat/libsmartcols@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-requests-2.25.1-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), pkg:rpm/redhat/util-linux-core@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libfdisk@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgomp@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/systemd-pam@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/systemd-rpm-macros@252-13.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/systemd-libs@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-7008, CVE-2025-4598), pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-4641), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-40090, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2025-61143, CVE-2025-61144, CVE-2025-61145), pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-23865), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=libpng-1.6.37-12.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22801, CVE-2025-28162, CVE-2025-64506, CVE-2026-22695, CVE-2026-3713, CVE-2025-28164, CVE-2025-64505), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=harfbuzz-2.7.4-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-22693), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2023-40403, CVE-2025-10911), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-39615, CVE-2026-6732, CVE-2025-9714, CVE-2026-1757, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2026-0990, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/json-c@0.14-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=json-c-0.14-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libquadmath@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libgfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/atlas-devel@3.10.3-17.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=atlas-3.10.3-17.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=icu-67.1-9.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-locale-source@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-base@2.27-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-IP@0.41-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-IP-0.41-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-US@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/pcre-cpp@8.44-3.el9.3?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pcre-8.44-3.el9.3.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Digest@1.19-4.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Digest-1.19-4.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/apr@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2022-24963), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/apr-devel@1.7.0-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-1.7.0-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libstdc%2B%2B-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xz@5.2.5-8.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=xz-5.2.5-8.el9_0.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper-libs@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-FileHandle@2.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/automake@1.16.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=automake-1.16.2-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libdb-devel@5.3.28-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdb-5.3.28-53.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/file-libs@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm [transitive via pkg:rpm/redhat/file@5.39-12.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=file-5.39-12.el9.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libverto-devel@0.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libverto-0.3.2-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/patch@2.7.6-16.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=patch-2.7.6-16.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-headers@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/wget@1.21.1-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=wget-1.21.1-7.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/bzip2@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libgpg-error-devel@1.42-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgpg-error-1.42-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpsl@0.21.1-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpsl-0.21.1-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libtool-ltdl@2.4.6-45.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtool-2.4.6-45.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-NDBM_File@1.15-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Thread-Queue@3.14-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Thread-Queue-3.14-460.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-gdbserver@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libipt@2.0.4-5.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libipt-2.0.4-5.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libcom_err-devel@1.46.5-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=e2fsprogs-1.46.5-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libxcrypt-compat@4.4.18-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxcrypt-4.4.18-3.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libpath_utils@0.2.1-53.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ding-libs-0.6.1-53.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/boost-regex@1.75.0-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=boost-1.75.0-8.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/xorg-x11-proto-devel@2021.4-2.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=xorg-x11-proto-devel-2021.4-2.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libtalloc@2.3.4-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtalloc-2.3.4-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/m4@1.4.19-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=m4-1.4.19-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libX11-1.7.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43785, CVE-2023-43786), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libXpm-3.5.13-8.el9_1.src.rpm] (CVE-2023-43788, CVE-2023-43789), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/source-highlight@3.1.9-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=source-highlight-3.1.9-11.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-31.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=rootfiles-8.1-31.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hostname@3.23-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=hostname-3.23-6.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dmidecode-3.3-7.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/emacs-filesystem@27.2-8.el9_2.1?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=emacs-27.2-8.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2024-30203, CVE-2024-30204), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Compare@1.100.600-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-B@1.80-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Copy@2.34-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Find@1.37-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-DynaLoader@1.47-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/autoconf@2.69-38.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=autoconf-2.69-38.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/keyutils-libs-devel@1.6.3-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=keyutils-1.6.3-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-4878), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gnutls-3.7.6-20.el9_2.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libuuid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtasn1-4.16.0-8.el9_1.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=p11-kit-0.24.1-2.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-2100), pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=bzip2-1.0.8-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en-GB@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/hunspell-en@0.20140811.1-20.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=hunspell-en-0.20140811.1-20.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/perl-HTTP-Tiny@0.076-460.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-HTTP-Tiny-0.076-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/perl-POSIX@1.94-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Symbol@1.08-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-mro@1.23-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-SelectSaver@1.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Getopt-Std@1.12-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Class-Struct@0.66-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-subs@1.03-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-vars@1.05-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-interpreter@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overload@1.31-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-libs@5.32.1-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=4\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-if@0.60.800-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-stat@1.09-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Fcntl@1.13-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IO@1.43-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-File-Basename@2.85-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-IPC-Open3@1.21-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Errno@1.30-480.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-overloading@0.02-480.el9?arch=noarch\u0026distro=rhel-9.2\u0026epoch=0\u0026upstream=perl-5.32.1-480.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-constant@1.33-461.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-constant-1.33-461.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2025-40909), pkg:rpm/redhat/perl-Storable@3.21-460.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=perl-Storable-3.21-460.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2017-20230), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/nss_wrapper@1.1.13-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=nss_wrapper-1.1.13-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/llvm-libs@15.0.7-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=llvm-15.0.7-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/tar@1.34-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=tar-1.34-6.el9_1.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libstdc%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/annobin@11.05-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=annobin-11.05-1.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/glibc-gconv-extra@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-langpack-en@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glibc-2.34-60.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2023-4527, CVE-2026-4437, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2026-5435, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602, CVE-2026-4438), pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=ncurses-6.2-8.20210508.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm [transitive via pkg:rpm/redhat/vim-minimal@8.2.2637-20.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=vim-8.2.2637-20.el9_1.src.rpm] (CVE-2020-11023)", "name": "rhtpa_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 372 } }, { "msg": "Found 72 low vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:npm/brace-expansion@1.1.11 [direct] (CVE-2025-5889), pkg:npm/brace-expansion@2.0.1 [direct] (CVE-2025-5889), pkg:npm/%40tootallnate/once@2.0.0 [direct] (CVE-2026-3449); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [direct] (CVE-2023-4016), pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm [direct] (CVE-2024-36387), pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018), pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [direct] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [direct] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [direct] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/nodejs-docs@16.19.1-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [direct] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018), pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [direct] (CVE-2022-41862), pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [direct] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [direct] (CVE-2025-70873), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [direct] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/libquadmath-devel@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-libdnf@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-data@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=dbus-1.12.20-7.el9_1.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/usermode@1.114-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=usermode-1.114-4.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/rsync@3.2.3-19.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=rsync-3.2.3-19.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/cyrus-sasl-devel@2.1.27-21.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=cyrus-sasl-2.1.27-21.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pysocks@1.7.1-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pysocks-1.7.1-12.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-six@1.15.0-9.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-six-1.15.0-9.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=pygobject3-3.40.1-6.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/redhat-rpm-config@199-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=redhat-rpm-config-199-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/crypto-policies-scripts@20221215-1.git9a18988.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=crypto-policies-20221215-1.git9a18988.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-IO-Socket-SSL@2.073-1.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-IO-Socket-SSL-2.073-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_http2@1.15.19-4.el9_2.4?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_http2-1.15.19-4.el9_2.4.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ssl@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd-devel@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/apr-util-openssl@1.6.1-20.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=apr-util-1.6.1-20.el9_2.1.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=freetype-2.10.4-9.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl-devel@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mariadb-connector-c-devel@3.2.6-1.el9_0?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mariadb-connector-c-3.2.6-1.el9_0.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/virt-what@1.25-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=virt-what-1.25-3.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_ldap@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/binutils-gold@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-setuptools@53.0.0-12.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-setuptools-53.0.0-12.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/cmake-rpm-macros@3.20.2-8.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=cmake-3.20.2-8.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-librepo@1.14.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=librepo-1.14.5-1.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/bsdtar@3.5.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libarchive-3.5.3-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_auth_gssapi@1.6.3-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=mod_auth_gssapi-1.6.3-7.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2025-55132), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/npm@8.19.3-1.16.19.1.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/nodejs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-45143, CVE-2024-36137, CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2024-22018, CVE-2025-55132), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/nodejs-libs@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2026-21716, CVE-2023-31124, CVE-2025-23165, CVE-2026-21715, CVE-2025-55132), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/nodejs-full-i18n@16.19.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=nodejs-16.19.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-decorator-4.4.2-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=lsof-4.94.0-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [transitive via pkg:rpm/redhat/environment-modules@5.0.1-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=environment-modules-5.0.1-2.el9.src.rpm] (CVE-2023-4016), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/yum@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-devel@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-systemd@234-18.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-systemd-234-18.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_session@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-chardet@4.0.0-5.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-chardet-4.0.0-5.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-hawkey@0.69.0-3.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libdnf-0.69.0-3.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/httpd@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/procps-ng@3.3.17-11.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=procps-ng-3.3.17-11.el9.src.rpm [transitive via pkg:rpm/redhat/scl-utils@2.0.3-4.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=scl-utils-2.0.3-4.el9.src.rpm] (CVE-2023-4016), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-dnf@4.14.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-4.14.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/python3-subscription-manager-rhsm@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-c%2B%2B@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libtiff-devel@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/glib2-devel@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssh-clients@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/openssh@8.7p1-29.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openssh-8.7p1-29.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-35386, CVE-2026-35387, CVE-2026-35388), pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/git-core@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/perl-Git@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/git-core-doc@2.39.3-1.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2025-46835), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/git@2.39.3-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=git-2.39.3-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-pip@21.2.3-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-pip-21.2.3-6.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/kernel-headers@5.14.0-284.11.1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=kernel-5.14.0-284.11.1.el9_2.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2022-50846, CVE-2023-53639, CVE-2023-54153, CVE-2023-54267), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/binutils@2.35.2-37.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=binutils-2.35.2-37.el9.src.rpm [transitive via pkg:rpm/redhat/gcc-gfortran@11.3.1-4.3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gcc-11.3.1-4.3.el9.src.rpm] (CVE-2025-11412, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-11839, CVE-2025-11840, CVE-2025-66861, CVE-2025-66862, CVE-2025-66863, CVE-2025-66864, CVE-2025-66865, CVE-2025-66866, CVE-2025-69647, CVE-2025-69648, CVE-2025-69649, CVE-2025-69650, CVE-2025-69652, CVE-2025-69645, CVE-2025-69646, CVE-2025-69651), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gdb@10.2-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gdb-10.2-10.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/openldap-devel@2.6.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=openldap-2.6.2-3.el9.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-ethtool@0.15-2.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python-ethtool-0.15-2.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libkadm5@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/dnf-plugins-core@4.3.0-5.el9_2?arch=noarch\u0026distro=rhel-9.2\u0026upstream=dnf-plugins-core-4.3.0-5.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-urllib3@1.26.5-3.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-urllib3-1.26.5-3.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/mod_lua@2.4.53-11.el9_2.5?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=httpd-2.4.53-11.el9_2.5.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libpq@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2022-41862), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libpq-devel@13.5-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libpq-13.5-1.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/sscg@3.0.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sscg-3.0.0-7.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/krb5-devel@1.20.1-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=krb5-1.20.1-8.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/python3-inotify@0.9.6-25.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=python-inotify-0.9.6-25.el9.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/libdnf-plugin-subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libcurl-devel@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/openssl@3.0.7-6.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=openssl-3.0.7-6.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-2511, CVE-2026-28387, CVE-2025-9232, CVE-2026-2673), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/python3@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2026-2297, CVE-2026-3479, CVE-2024-5642, CVE-2025-13462), pkg:rpm/redhat/python3-libs@3.9.16-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=python3.9-3.9.16-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcurl-minimal@7.76.1-23.el9_2.1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9_2.1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/curl-minimal@7.76.1-23.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=curl-7.76.1-23.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), pkg:rpm/redhat/systemd@252-13.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=systemd-252-13.el9_2.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-40228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/expat@2.5.0-1.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=expat-2.5.0-1.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41080), pkg:rpm/redhat/libgcrypt@1.10.0-10.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libgcrypt-1.10.0-10.el9_1.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-41990), pkg:rpm/redhat/util-linux@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/shadow-utils@4.9-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=2\u0026upstream=shadow-utils-4.9-6.el9.src.rpm [transitive via pkg:rpm/redhat/subscription-manager@1.29.33.1-1.el9_2?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=subscription-manager-1.29.33.1-1.el9_2.src.rpm] (CVE-2024-56433), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libtiff@4.4.0-7.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libtiff-4.4.0-7.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-6228), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/gd@2.3.2-3.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=gd-2.3.2-3.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libxslt@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm [transitive via pkg:rpm/redhat/libxslt-devel@1.1.34-9.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxslt-1.1.34-9.el9.src.rpm] (CVE-2025-11731), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/perl-Mozilla-CA@20200520-6.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=perl-Mozilla-CA-20200520-6.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/xml-common@0.6.3-58.el9?arch=noarch\u0026distro=rhel-9.2\u0026upstream=sgml-common-0.6.3-58.el9.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm [transitive via pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libxml2-2.9.13-3.el9_1.src.rpm] (CVE-2026-0989, CVE-2026-0992, CVE-2025-6170), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/enchant@1.6.0-30.el9?arch=x86_64\u0026distro=rhel-9.2\u0026epoch=1\u0026upstream=enchant-1.6.0-30.el9.src.rpm] (CVE-2026-3184), pkg:rpm/redhat/sqlite@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm [transitive via pkg:rpm/redhat/sqlite-devel@3.34.1-6.el9_1?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=sqlite-3.34.1-6.el9_1.src.rpm] (CVE-2025-70873), pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=libcap-2.48-8.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.68.4-6.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=glib2-2.68.4-6.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2024-34397, CVE-2025-7039, CVE-2026-0988), pkg:rpm/redhat/libblkid@2.37.4-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=util-linux-2.37.4-10.el9.src.rpm [transitive via pkg:rpm/redhat/libbabeltrace@1.5.8-10.el9?arch=x86_64\u0026distro=rhel-9.2\u0026upstream=babeltrace-1.5.8-10.el9.src.rpm] (CVE-2026-3184)", "name": "rhtpa_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 72 } } ] } ] {"vulnerabilities":{"critical":14,"high":266,"medium":372,"low":72,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-8db91b08c42f4543dde16ba8ac772c5a35f83632", "digests": ["sha256:b4bae6cd649fa727918fa00bbf740a7fdd429feb319a7b56f28fed4c5c2b1901"]}} {"result":"SUCCESS","timestamp":"2026-05-02T06:00:37+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} New PipelineRun python-component-sukmsc-on-pull-request-2vxmt found after retrigger for component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-2vxmt found for Component build-e2e-wqrk/python-component-sukmsc PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: ResolvingTaskRef PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Running PipelineRun python-component-sukmsc-on-pull-request-2vxmt reason: Failed attempt 3/3: PipelineRun "python-component-sukmsc-on-pull-request-2vxmt" failed: pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare 2026/05/02 06:01:15 Entrypoint initialization pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6 pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701678.9782343,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.423236,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701679.4232862,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.4468265,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly. pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT Uploading 30a0bd277a19 SOURCE_ARTIFACT Uploaded 30a0bd277a19 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93 Artifacts created pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare 2026/05/02 06:02:02 Entrypoint initialization pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: [2026-05-02T06:02:08,343082023+00:00] Validate context path [2026-05-02T06:02:08,346510359+00:00] Update CA trust [2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:02:12,240664532+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T06:02:12,248230526+00:00] Prepare system (architecture: x86_64) [2026-05-02T06:02:12,264402475+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T06:02:42,835630513+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T06:02:12Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T06:02:12Z" } [2026-05-02T06:02:42,939251206+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T06:02:42,942342755+00:00] Add secrets [2026-05-02T06:02:42,958124691+00:00] Run buildah build [2026-05-02T06:02:42,959167684+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T06:02:12Z --label org.opencontainers.image.created=2026-05-02T06:02:12Z --annotation org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T06:02:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.xk9LA0 -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.revision"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T06:02:12Z" "org.opencontainers.image.created"="2026-05-02T06:02:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd --> ca84e75f124f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb [2026-05-02T06:02:48,359474036+00:00] Unsetting proxy [2026-05-02T06:02:48,360843489+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying config sha256:ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb Writing manifest to image destination [2026-05-02T06:03:22,157574695+00:00] End build pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-push: [2026-05-02T06:03:22,816503114+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:03:43,886667723+00:00] Convert image [2026-05-02T06:03:43,887746209+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-upload-sbom: pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | init container: prepare 2026/05/02 06:01:09 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | container step-init: time="2026-05-02T06:01:13Z" level=info msg="[param] enable: false" time="2026-05-02T06:01:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T06:01:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T06:01:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T06:01:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T06:01:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T06:01:13Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T06:01:13Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T06:01:13Z" level=info msg="[result] NO PROXY: " [FAILED] in [It] - /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:161 @ 05/02/26 06:06:08.218 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc001502b20>: pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare 2026/05/02 06:01:15 Entrypoint initialization pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p 2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6 pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1777701678.9782343,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.423236,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1777701679.4232862,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1777701679.4468265,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly. pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: Running symlink check pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1) Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT Uploading 30a0bd277a19 SOURCE_ARTIFACT Uploaded 30a0bd277a19 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93 Artifacts created pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare 2026/05/02 06:02:02 Entrypoint initialization pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r 2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc Executing: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output - Restored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: [2026-05-02T06:02:08,343082023+00:00] Validate context path [2026-05-02T06:02:08,346510359+00:00] Update CA trust [2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:02:12,240664532+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-05-02T06:02:12,248230526+00:00] Prepare system (architecture: x86_64) [2026-05-02T06:02:12,264402475+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures [2026-05-02T06:02:42,835630513+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-05-02T06:02:12Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "org.opencontainers.image.revision": "9a58fff0b20b171aa9240228699291a7c9c1b6fd", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/sample-multi-component", "quay.expires-after": "5d", "org.opencontainers.image.created": "2026-05-02T06:02:12Z" } [2026-05-02T06:02:42,939251206+00:00] Register sub-man Adding the entitlement to the build [2026-05-02T06:02:42,942342755+00:00] Add secrets [2026-05-02T06:02:42,958124691+00:00] Run buildah build [2026-05-02T06:02:42,959167684+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --label quay.expires-after=5d --label build-date=2026-05-02T06:02:12Z --label org.opencontainers.image.created=2026-05-02T06:02:12Z --annotation org.opencontainers.image.revision=9a58fff0b20b171aa9240228699291a7c9c1b6fd --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/sample-multi-component --annotation org.opencontainers.image.created=2026-05-02T06:02:12Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.xk9LA0 -t quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd . STEP 1/10: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/10: EXPOSE 8081/tcp STEP 3/10: ENV FLASK_PORT=8081 STEP 4/10: WORKDIR /projects STEP 5/10: COPY . . STEP 6/10: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.1-py3-none-any.whl (27 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.8-py3-none-any.whl (226 kB) Collecting zipp>=3.20 Downloading zipp-3.23.1-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.8 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.1 itsdangerous-2.2.0 zipp-3.23.1 WARNING: You are using pip version 21.3.1; however, version 26.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/10: CMD [ "python", "./app.py" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.revision"="9a58fff0b20b171aa9240228699291a7c9c1b6fd" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/sample-multi-component" "quay.expires-after"="5d" "build-date"="2026-05-02T06:02:12Z" "org.opencontainers.image.created"="2026-05-02T06:02:12Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd --> ca84e75f124f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb [2026-05-02T06:02:48,359474036+00:00] Unsetting proxy [2026-05-02T06:02:48,360843489+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying config sha256:ca84e75f124f87650d18f671c13714546ff668228556de54b4b53120968860cb Writing manifest to image destination [2026-05-02T06:03:22,157574695+00:00] End build pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-push: [2026-05-02T06:03:22,816503114+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-05-02T06:03:43,886667723+00:00] Convert image [2026-05-02T06:03:43,887746209+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd docker://quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:python-component-sukmsc-on-pull-request-2vxmt-build-container Getting image source signatures Copying blob sha256:a3551a1f52c5788c9e4e19e7458ecd57b93554fb4cad127b13d61c73c13775e4 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-sbom-syft-generate: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-prepare-sboms: pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-upload-sbom: pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | init container: prepare 2026/05/02 06:01:09 Entrypoint initialization pod: python-component-sukmsc-on-pull-request-2vxmt-init-pod | container step-init: time="2026-05-02T06:01:13Z" level=info msg="[param] enable: false" time="2026-05-02T06:01:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-02T06:01:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-02T06:01:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-02T06:01:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-02T06:01:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-02T06:01:13Z" level=info msg="Cache proxy is disabled via param" time="2026-05-02T06:01:13Z" level=info msg="[result] HTTP PROXY: " time="2026-05-02T06:01:13Z" level=info msg="[result] NO PROXY: " { s: "\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: prepare\n2026/05/02 06:01:15 Entrypoint initialization\n\n pod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | init container: place-scripts\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-0-42c8p\n2026/05/02 06:01:15 Decoded script /tekton/scripts/script-1-clsx6\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-clone: \nINFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n{\"level\":\"info\",\"ts\":1777701678.9782343,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.423236,\"caller\":\"git/git.go:223\",\"msg\":\"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 9a58fff0b20b171aa9240228699291a7c9c1b6fd (grafted, HEAD) in path /var/workdir/source\"}\n{\"level\":\"info\",\"ts\":1777701679.4232862,\"caller\":\"git/git.go:394\",\"msg\":\"Retrying operation (attempt 1)\"}\n{\"level\":\"info\",\"ts\":1777701679.4468265,\"caller\":\"git/git.go:277\",\"msg\":\"Successfully initialized and updated submodules in path /var/workdir/source\"}\nMerge option disabled. Using checked-out revision 9a58fff0b20b171aa9240228699291a7c9c1b6fd directly.\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-symlink-check: \nRunning symlink check\n\npod: python-component-sukmsc-on-591f02614276501c9909e28298413f3d-pod | container step-create-trusted-artifact: \nPrepared artifact from /var/workdir/source (sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1)\nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras push --annotation=quay.expires-after=5d --registry-config /tmp/create-oci.sh.J0N6ty/auth-CgZpio.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git SOURCE_ARTIFACT\nUploading 30a0bd277a19 SOURCE_ARTIFACT\nUploaded 30a0bd277a19 SOURCE_ARTIFACT\nPushed [registry] quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc:on-pr-9a58fff0b20b171aa9240228699291a7c9c1b6fd.git\nArtifactType: application/vnd.unknown.artifact.v1\nDigest: sha256:29b0286379e2717b11864360450387a73e9986f6be7c3627aab5854f910f9a93\nArtifacts created\n\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: prepare\n2026/05/02 06:02:02 Entrypoint initialization\n\n pod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | init container: place-scripts\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-1-wknqh\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-2-rhf2s\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-3-xkm58\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-4-hkg9r\n2026/05/02 06:02:03 Decoded script /tekton/scripts/script-5-n82hr\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-use-trusted-artifact: \nUsing token for quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc\nExecuting: oras blob fetch --registry-config /tmp/use-oci.sh.OztHxz/auth-Sp4x4T.json quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 --output -\nRestored artifact quay.io/redhat-appstudio-qe/build-e2e-wqrk/python-component-sukmsc@sha256:30a0bd277a19ad7be874275280017ea11cf53bbb756ca66fd1cdcd2fa0c312c1 to /var/workdir/source\nWARN: artifact URI not provided, (given: =/var/workdir/cachi2)\n\n\npod: python-component-sukmsc-on-7390bf2e487a3b4c4aee6988d7d2b712-pod | container step-build: \n[2026-05-02T06:02:08,343082023+00:00] Validate context path\n[2026-05-02T06:02:08,346510359+00:00] Update CA trust\n[2026-05-02T06:02:08,347544486+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> ... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:161 @ 05/02/26 06:06:08.218 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSS Summarizing 1 Failure: [FAIL] [build-service-suite Build service E2E tests] test pac with multiple components using same repository when components are created in same namespace [It] the PipelineRun should eventually finish successfully for component python-component-sukmsc [build-service, github, pac-build, multi-component] /tmp/tmp.O2kCCFO8V9/tests/build/multi_component.go:161 Ran 145 of 467 Specs in 3589.005 seconds FAIL! -- 144 Passed | 1 Failed | 88 Pending | 234 Skipped Ginkgo ran 1 suite in 1h2m5.402527976s Test Suite Failed E0502 06:06:11.287760 18344 types.go:186] Failed to execute rule: build-service repo CI Workflow Rule: Execute the full workflow for e2e-tests repo in CI Error: running "ginkgo --seed=1777698239 --timeout=1h30m0s --grace-period=30s --output-interceptor-mode=none --label-filter=build-service --no-color --json-report=e2e-report.json --junit-report=e2e-report.xml --procs=20 --nodes=20 --p --output-dir=/workspace/artifact-dir ./cmd --" failed with exit code 1 make: *** [Makefile:25: ci/test/e2e] Error 1